A quick Saturday digest of cybersecurity news articles from other sources.
From Reddit/r/Comptia: Is CompTIA A+ Worth Doing?
Hi all,
I am trying to make a career change from support admin to IT. When talking to some of my more experienced friends I’ve been advised to do it and one of them send me this article which came out as pretty informative and got my mind set. So, I was just wondering If any of you has done it already and would you share your experience about the course and job finding after. Thank you.
I have A+, N+ and Sec+, all within 90 days. I then picked up several Microsoft certs and ITILv3. I took the A+ without prior experience, just reading and watching training videos. I took N+ soon after and same with Sec+. I went from Field Service Technician to, Desktop Support Specialist, to Jr Says Admin, to Sr.Sys Admin and have since been an IT Infrastructure Engineer who only takes Sys and Network Admin escalations. No end-user interaction. I don’t have a degree.
How long did it take to get there?
-
Field Service Technician – 1 year
-
Desktop Support Specialist – 1 year.
-
Jr Sys Admin – 1.5 years
-
Sys Admin 1 year
-
Sr Sys Admin 2 years
-
Infrastructure Engineer -this is my 4th year
Can you share the income?
-
Field Service Tech $13/hour
-
Desktop Support Specialist $17.50 /hour
-
Jr Sys Admin $37,000 salary
-
Sys Admin $48,000
-
Sr. Sys Admin $75,000
-
Infrastructure Engineer $95,000
Ghostscript bug could allow rogue documents to run system commands
Even if you’ve never heard of the venerable Ghostscript project, you may have it installed without knowing. If you use Adobe Postscript, PDF or EPS files you need to read this article.
WordPress plugin lets users become admins – Patch early, patch often!
Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins. A privilege escalation vulnerability.
Engineering PCs, Other Devices Most at Risk for Security Vulnerabilities
New research on operational technology vulnerabilities by Armis found that 56% of engineering workstations have at least one unpatched critical severity.
As operational technology (OT) merges with IT, vulnerabilities in operational tech systems are a new threat, not least because these networks involve control frameworks for industrial systems, buildings and major infrastructure. The problem isn’t theoretical, given past attacks that exploited critical security vulnerabilities in Windows systems that are used to control OT.
New data from asset visibility and security firm Armis shows the depth of the problem. The firm’s Asset Intelligence and Security Platform, which Armis said tracks over three billion assets, found critical vulnerabilities in engineering workstations, supervisory control and data acquisition (SCADA) servers, automation servers, control system historians and programmable logic controllers, which are also the most vulnerable OT and industrial control systems. More…
2023 CWE Top 25 Most Dangerous Software Weaknesses
06/29/2023 02:00 PM EDT
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. The CWE Top 25 is calculated by analyzing public vulnerability data in the National Vulnerability Data (NVD) for root cause mappings to CWE weaknesses for the previous two calendar years. These weaknesses lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working.
The 2023 CWE Top 25 also incorporates updated weakness data for recent CVE records in the dataset that are part of CISA’s Known Exploited Vulnerabilities Catalog (KEV).
CISA encourages developers and product security response teams to review the CWE Top 25 and evaluate recommended mitigations to determine those most suitable to adopt. Over the coming weeks, the CWE program will be publishing a series of further articles on the CWE Top 25 methodology, vulnerability mapping trends, and other useful information that help illustrate how vulnerability management plays an important role in Shifting the Balance of Cybersecurity Risk.
Share
JUL
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com